-rw-r--r--include/ct.h3
-rw-r--r--include/statement.h2
-rw-r--r--src/ct.c16
-rw-r--r--src/evaluate.c1
-rw-r--r--src/netlink_delinearize.c8
-rw-r--r--src/netlink_linearize.c11
-rw-r--r--src/parser_bison.y6
-rw-r--r--src/scanner.l2
-rw-r--r--tests/py/any/ct.t2
-rw-r--r--tests/py/any/ct.t.payload4
10 files changed, 55 insertions, 0 deletions
diff --git a/include/ct.h b/include/ct.h
index 0aeeed60..03e76e61 100644
--- a/include/ct.h
+++ b/include/ct.h
@@ -31,4 +31,7 @@ extern struct error_record *ct_dir_parse(const struct location *loc,
const char *str, int8_t *dir);
extern struct error_record *ct_key_parse(const struct location *loc, const char *str,
unsigned int *key);
+
+extern struct stmt *notrack_stmt_alloc(const struct location *loc);
+
#endif /* NFTABLES_CT_H */
diff --git a/include/statement.h b/include/statement.h
index e278b706..fe83717f 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -208,6 +208,7 @@ extern struct stmt *xt_stmt_alloc(const struct location *loc);
* @STMT_FWD: forward statement
* @STMT_XT: XT statement
* @STMT_QUOTA: quota statement
+ * @STMT_NOTRACK: notrack statement
*/
enum stmt_types {
STMT_INVALID,
@@ -230,6 +231,7 @@ enum stmt_types {
STMT_FWD,
STMT_XT,
STMT_QUOTA,
+ STMT_NOTRACK,
};
/**
diff --git a/src/ct.c b/src/ct.c
index 81918764..e5327539 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -414,6 +414,22 @@ struct stmt *ct_stmt_alloc(const struct location *loc, enum nft_ct_keys key,
return stmt;
}
+static void notrack_stmt_print(const struct stmt *stmt)
+{
+ printf("notrack");
+}
+
+static const struct stmt_ops notrack_stmt_ops = {
+ .type = STMT_NOTRACK,
+ .name = "notrack",
+ .print = notrack_stmt_print,
+};
+
+struct stmt *notrack_stmt_alloc(const struct location *loc)
+{
+ return stmt_alloc(loc, &notrack_stmt_ops);
+}
+
static void __init ct_init(void)
{
datatype_register(&ct_state_type);
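Review bot: `notrack_stmt_alloc()` is exported through include/ct.h but has no comment, and the diffstat lists no documentation file, so the new statement ships undocumented. A short comment above the definition would help, for example `/* notrack: exempt matching packets from connection tracking; the statement takes no arguments */`. The user-facing documentation should also say that packets exempted this way carry no conntrack state, so later `ct`-based matches in the same ruleset will not treat them as part of a tracked connection. The `stmt` parameter of `notrack_stmt_print()` is unused, which is fine for an ops callback but worth a `/* no fields to print */` remark.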
diff --git a/src/evaluate.c b/src/evaluate.c
index 878efacd..c60e0f11 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2478,6 +2478,7 @@ int stmt_evaluate(struct eval_ctx *ctx, struct stmt *stmt)
case STMT_COUNTER:
case STMT_LIMIT:
case STMT_QUOTA:
+ case STMT_NOTRACK:
return 0;
case STMT_EXPRESSION:
return stmt_evaluate_expr(ctx, stmt);
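Review bot: `case STMT_NOTRACK:` shares the bare `return 0;` with the stateful statements, so `notrack` is accepted in every chain with no check on where the rule is placed. Exempting a packet from connection tracking only makes sense in a chain that runs before conntrack has seen it; in any other chain the rule presumably loads and has no effect (the kernel side is not visible here), which is misleading when reading a filtering ruleset. Consider a dedicated evaluation step that inspects the chain's hook and priority, or at minimum record the gap with `/* notrack: nothing to evaluate; chain placement is not validated */`. The body of `stmt_evaluate()` starts and ends outside this hunk.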
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 434089b7..66d38caa 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -635,6 +635,13 @@ static void netlink_parse_numgen(struct netlink_parse_ctx *ctx,
netlink_set_register(ctx, dreg, expr);
}
+static void netlink_parse_notrack(struct netlink_parse_ctx *ctx,
+ const struct location *loc,
+ const struct nftnl_expr *nle)
+{
+ ctx->stmt = notrack_stmt_alloc(loc);
+}
+
static void netlink_parse_ct_stmt(struct netlink_parse_ctx *ctx,
const struct location *loc,
const struct nftnl_expr *nle)
@@ -1127,6 +1134,7 @@ static const struct {
{ .name = "range", .parse = netlink_parse_range },
{ .name = "reject", .parse = netlink_parse_reject },
{ .name = "nat", .parse = netlink_parse_nat },
+ { .name = "notrack", .parse = netlink_parse_notrack },
{ .name = "masq", .parse = netlink_parse_masq },
{ .name = "redir", .parse = netlink_parse_redir },
{ .name = "dup", .parse = netlink_parse_dup },
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 6c0f39bf..2bee6844 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1095,6 +1095,15 @@ static void netlink_gen_ct_stmt(struct netlink_linearize_ctx *ctx,
nftnl_rule_add_expr(ctx->nlr, nle);
}
+static void netlink_gen_notrack_stmt(struct netlink_linearize_ctx *ctx,
+ const struct stmt *stmt)
+{
+ struct nftnl_expr *nle;
+
+ nle = alloc_nft_expr("notrack");
+ nftnl_rule_add_expr(ctx->nlr, nle);
+}
+
static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx,
const struct stmt *stmt)
{
@@ -1190,6 +1199,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx,
nle = netlink_gen_stmt_stateful(ctx, stmt);
nftnl_rule_add_expr(ctx->nlr, nle);
break;
+ case STMT_NOTRACK:
+ return netlink_gen_notrack_stmt(ctx, stmt);
default:
BUG("unknown statement type %s\n", stmt->ops->name);
}
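Review bot: `return netlink_gen_notrack_stmt(ctx, stmt);` returns a void expression from a function declared `static void`, which ISO C does not permit; GCC and Clang only accept it as an extension. The case just above in this hunk ends with `break;`, so the portable and locally consistent form is `netlink_gen_notrack_stmt(ctx, stmt);` followed by `break;`. If other cases outside the hunk already use the `return call();` form, keep whichever form the file uses throughout. In the previous hunk, `netlink_gen_notrack_stmt()` never reads its `stmt` parameter; a `/* notrack has no attributes to serialise */` comment would make that intentional.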
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 74f24a52..91955c18 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -425,6 +425,8 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token XML "xml"
%token JSON "json"
+%token NOTRACK "notrack"
+
%type <string> identifier type_identifier string comment_spec
%destructor { xfree($$); } identifier type_identifier string comment_spec
@@ -2564,6 +2566,10 @@ meta_stmt : META meta_key SET expr
$$ = meta_stmt_alloc(&@$, key, $4);
}
+ | NOTRACK
+ {
+ $$ = notrack_stmt_alloc(&@$);
+ }
;
offset_opt : /* empty */ { $$ = 0; }
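Review bot: The `| NOTRACK` alternative is attached to the `meta_stmt` rule, although the statement is allocated in src/ct.c, declared in include/ct.h and tested in tests/py/any/ct.t. Anyone looking for conntrack grammar will not find it under `meta_stmt`, and `meta_stmt` now yields a statement that is not a meta statement. Moving `| NOTRACK { $$ = notrack_stmt_alloc(&@$); }` to the conntrack statement rule (assuming one exists outside this hunk), or giving it its own nonterminal, would keep the grammar aligned with the code layout. The `meta_stmt` rule begins outside the hunk.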
diff --git a/src/scanner.l b/src/scanner.l
index 9cb8d778..cd7398b4 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -467,6 +467,8 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"fib" { return FIB; }
+"notrack" { return NOTRACK; }
+
"xml" { return XML; }
"json" { return JSON; }
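Review bot: Adding `"notrack" { return NOTRACK; }` makes `notrack` a reserved word for the whole scanner, not just in statement position. Unless the `identifier` rule in the parser (outside this diff) accepts keyword tokens, an existing ruleset that uses `notrack` as a bare table, chain or set name will stop parsing after this change, and a firewall ruleset that fails to load on upgrade is an availability and policy-enforcement problem. It is worth stating this in the commit message and next to the rule, e.g. `/* reserved word: "notrack" can no longer be used as an unquoted identifier */`, and adding a test line that shows how such a name behaves.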
diff --git a/tests/py/any/ct.t b/tests/py/any/ct.t
index cc4f8e19..7cb49c26 100644
--- a/tests/py/any/ct.t
+++ b/tests/py/any/ct.t
@@ -101,3 +101,5 @@ ct invalid;fail
ct invalid original;fail
ct set invalid original 42;fail
ct set invalid 42;fail
+
+notrack;ok
diff --git a/tests/py/any/ct.t.payload b/tests/py/any/ct.t.payload
index 746b75e3..26aeec31 100644
--- a/tests/py/any/ct.t.payload
+++ b/tests/py/any/ct.t.payload
@@ -341,3 +341,7 @@ ip test-ip4 output
[ immediate reg 1 0x00000000 0x00000000 0x00000000 0x80000000 ]
[ ct set label with reg 1 ]
+# notrack
+ip test-ip4 output
+ [ notrack ]
+